class lustre::iptables (
   $enable_firewall_wn     = true,
){
  if $enable_firewall_wn {
    file{"/etc/sysconfig/iptables":
      mode       =>  '600',
      owner      =>  'root',
      group      =>  'root',
      source     =>  "puppet:///modules/${module_name}/iptables-for-lustre",
      notify     =>  Service["iptables"],
    }
    service {"iptables":
      ensure      => running,
      hasstatus   => true,
      hasrestart  => true,
      enable      => true,
    }
  }
  else {
    service {"iptables":
      ensure      => stopped,
      hasstatus   => true,
      hasrestart  => true,
      enable      => false,
    }
  }
}
